Vulnerability Description
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Michael Glickman | Itetris | 1.6.1 |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-12/0295.html (Exploit, Vendor Advisory)
- http://www.securityfocus.com/bid/2139 (Exploit, Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5795
FAQ
What is CVE-2001-0087?
CVE-2001-0087 is a vulnerability with a CVSS score of 7.2 (HIGH). itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it poi...
How severe is CVE-2001-0087?
CVE-2001-0087 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2001-0087?
Check the references section above for vendor advisories and patch information. Affected products include: Michael Glickman Itetris.